summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-06-27 14:58:29 +0200
committerGitHub <noreply@github.com>2020-06-27 14:58:29 +0200
commit4aca048919b2237ce065bf22a775d782e780ff5a (patch)
tree8e9de4aeceba264e3d17f2a385a0e442cbab89de /data
parent1d97d52120eaa33a3c2edb39e966002dab7f9576 (diff)
parentadfb4c81a41b9eec4b33a27a8d8db7184dbda6da (diff)
downloadvyos-1x-4aca048919b2237ce065bf22a775d782e780ff5a.tar.gz
vyos-1x-4aca048919b2237ce065bf22a775d782e780ff5a.zip
Merge pull request #480 from c-po/t2653
ifconfig: T2653: move macsec interface to get_config_dict()
Diffstat (limited to 'data')
-rw-r--r--data/templates/macsec/wpa_supplicant.conf.tmpl21
1 files changed, 12 insertions, 9 deletions
diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl
index a614d23f5..1731bf160 100644
--- a/data/templates/macsec/wpa_supplicant.conf.tmpl
+++ b/data/templates/macsec/wpa_supplicant.conf.tmpl
@@ -45,9 +45,10 @@ network={
# - the key server has decided to enable MACsec
# 0: Encrypt traffic (default)
# 1: Integrity only
- macsec_integ_only={{ '0' if security_encrypt else '1' }}
+ macsec_integ_only={{ '0' if security is defined and security.encrypt is defined else '1' }}
-{% if security_encrypt %}
+{% if security is defined %}
+{% if security.encrypt is defined %}
# mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode
# This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair.
# In this mode, instances of wpa_supplicant can act as MACsec peers. The peer
@@ -56,21 +57,22 @@ network={
# hex-string (32 hex-digits) or a 32-byte (256-bit) hex-string (64 hex-digits)
# mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit) hex-string
# (2..64 hex-digits)
- mka_cak={{ security_mka_cak }}
- mka_ckn={{ security_mka_ckn }}
+ mka_cak={{ security.mka.cak }}
+ mka_ckn={{ security.mka.ckn }}
# mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being
# default priority
- mka_priority={{ security_mka_priority }}
-{% endif %}
-{% if security_replay_window %}
+ mka_priority={{ security.mka.priority }}
+{% endif %}
+
+{% if security.replay_window is defined %}
# macsec_replay_protect: IEEE 802.1X/MACsec replay protection
# This setting applies only when MACsec is in use, i.e.,
# - macsec_policy is enabled
# - the key server has decided to enable MACsec
# 0: Replay protection disabled (default)
# 1: Replay protection enabled
- macsec_replay_protect={{ '1' if security_replay_window else '0' }}
+ macsec_replay_protect=1
# macsec_replay_window: IEEE 802.1X/MACsec replay protection window
# This determines a window in which replay is tolerated, to allow receipt
@@ -80,7 +82,8 @@ network={
# - the key server has decided to enable MACsec
# 0: No replay window, strict check (default)
# 1..2^32-1: number of packets that could be misordered
- macsec_replay_window={{ security_replay_window }}
+ macsec_replay_window={{ security.replay_window }}
+{% endif %}
{% endif %}
}